基于加权复杂网络的恶意软件入侵预警算法  

作　　者：熊欢 刘鑫[2] XIONG Huan;LIU Xin(College of Electronic Information and Computer Engineering,Sichuan Institute of Industrial Technology,Sichuan Deyang 618000,China;Central South University,School of Computer Science and Engineering,Changsha Hunan 410083,China)

机构地区：[1]四川工业科技学院电子信息与计算机工程学院,四川德阳618000 [2]中南大学计算机学院,湖南长沙410083

出　　处：《计算机仿真》2025年第2期422-426,共5页Computer Simulation

摘　　要：恶意入侵代码的种类较多,每种入侵软件均具有特定攻击方式和特征,导致准确预警恶意入侵困难。为此,提出基于加权复杂网络的软件恶意入侵预警算法。构建加权复杂网络模型,获取网络节点的强度,检测网络异常节点,计算样本方差,获取节点中位数置信区间,得到整体样本中异常节点的置信度区间,确定入侵节点的区域范围,通过求解节点的能耗情况,根据自适应提升算法(Adaptive lifting algorithm, Adaboost)中的分类器,得出样本数据的原始权值,得出入侵数据的分类结果,利用预警模型判定软件恶意入侵行为,实现入侵预警。实验结果表明,所提算法对单个以及多个节点的检测率均较高,且虚警率更低,节点预警所需时间短,最短仅为0.05ms。At present,there are various types of malicious intrusion codes,and each has its own attack methods and characteristics,so it is difficult to make early warning for malicious intrusions accurately.Therefore,an early warning algorithm for malicious intrusion based on weighted complex networks was proposed.Firstly,the algorithm constructed a weighted complex network model to determine the strength of the network node,thus detecting abnormal nodes in the network.Moreover,the algorithm calculated the sample variance,and thus obtained the confidence interval of the median of node values as well as the confidence interval of abnormal nodes in the overall sample.Furthermore,the regional range of intrusion nodes was determined,and then the energy consumption of nodes was calculated.After that,the original weights of sample data and the classification results of the intrusion data were obtained by using the classifier in the adaptive lfting algorithm(Adaboost).Finally,the algorithm used the early warning model to determine malicious intrusion behavior,thus achieving the early warning for intrusion.Experimental results show that the proposed algorithm has higher detection rates for single and multiple nodes,lower false alarm rates and shorter node warning time,which is as short as 0.05ms.

关 键 词：加权复杂网络 恶意软件 入侵预警 置信度 异常节点检测 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]